author | Markus Friedl <markus@cvs.openbsd.org> | 2000-10-14 12:19:46 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-10-14 12:19:46 +0000 |
commit | f05c5cb553223bf99828b18f9cfcba5a7ae401a1 (patch) | |
tree | 7d468da343bd7a89be2061c06231c2639bcb923a | |
parent | 8fa01f932bd0a82e3001764a2ce87bd26b9d2afe (diff) |
do not send RSA challenge if key is not allowed by key-options; from eivind@ThinkSec.com
-rw-r--r-- | usr.bin/ssh/auth-rsa.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index 522f01f84cb..e8bfa16510c 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.31 2000/10/11 19:59:52 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $");
 #include "rsa.h"
 #include "packet.h"
@@ -231,6 +231,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 }
 } else
 options = NULL;
+ /*
+ * If our options do not allow this key to be used,
+ * do not send challenge.
+ */
+ if (!auth_parse_options(pw, options, linenum))
+ continue;
 /* Parse the key from the line. */
 if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
@@ -269,9 +275,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 * Break out of the loop if authentication was successful;
 * otherwise continue searching.
 */
- authenticated = auth_parse_options(pw, options, linenum);
- if (authenticated)
- break;
+ authenticated = 1;
+ break;
 }
 /* Restore the privileged uid. */
|
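Review bot: In the second hunk (@@ -231) the new `auth_parse_options(pw, options, linenum)` call sits ahead of `auth_rsa_read_key`, so the options of every line in the file are evaluated, not only those of the line whose key the client offered. auth_parse_options is not shown on this page; if it records restrictions or logs a refusal as a side effect, a line belonging to a different key could leave state behind or produce a misleading log entry. Consider keeping the early refusal but placing `if (!auth_parse_options(pw, options, linenum)) continue;` after the key on the line has been matched against `client_n` and before the challenge is generated, or confirm that each call resets whatever the previous one set. The loop body starts and ends outside this hunk, so the key comparison itself is not visible here.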
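Review bot: The context comment above `authenticated = 1;` in the third hunk (@@ -269) still says "Break out of the loop if authentication was successful; otherwise continue searching", but the break is now unconditional and nothing at this point can continue the search. The comment should reflect that the option check moved ahead of the challenge, for example `/* Key options were already checked before the challenge; reaching this point ends the search. */`. The comment's opening line and the enclosing block begin outside the hunk.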